VPN Tunneling

Connect to your company's internal databases using a secure VPN tunnel

MineOS allows using a VPN tunnel to securely connect to your company's internal resources, such as databases.

Follow this guide to set up a VPN tunnel.

 

Before you begin:

  • Make sure you have a MineOS account with an enterprise plan. If the VPN feature is not enabled for your account, ask your customer success manager to enable it.
  • Make sure you have your VPN gateway's public IP address ready.
  • You should be comfortable setting up a VPN gateway and configuring routing/network rules, as wrong settings might lead to an insecure setup!

 

Creating the VPN tunnel in MineOS:

  1. Log in to your MineOS account and go to Settings -> VPN Tunnel.
  2. Type in the public IP of your VPN gateway.
  3. Type in your pre-shared key. If you don't yet have a key, you can generate one here. 
    1. Note: MineOS does not store your key, and will not be able to retrieve it later for you.
  4. Click Create tunnel and wait for the tunnel to be provisioned. This can take a few minutes.
  5. Once the tunnel has been provisioned, you will see the "waiting for a connection..." message:
    1. You can copy the MineOS gateway IP and paste it in your gateway's settings.
    2. You can also copy the MineOS subnet, which is the source IP range for any traffic outgoing to your network. Use this subnet to whitelist it in your firewall settings.

      Tunnel Basic Settings

      • IKE Version: 2
      • Local Selector Subnet: 0.0.0.0/0
      • Remote Selector Subnet: 0.0.0.0/0
      Tunnel Advanced Settings
  6. Once your gateway and tunnel are configured on your side and a successful connection has been made, you should see the status change to "Connected".
  7. Lastly, add the IP addresses/ranges you want to make routable through the tunnel, under the "Set routes" section.
    1. Note: leaving this section empty renders the VPN useless, as no IPs will be routable through it.

That's it, you have successfully set up a VPN tunnel! Any integrations that use IPs from the subnets added will be routed through the VPN.

 

Changing VPN Settings

  1. You can add/remove subnets at any time.
  2. To make changes to the gateway/tunnel settings, you will have to delete the VPN tunnel and set it up again. A tunnel can be deleted by pressing "Delete tunnel" at the top of the page.

Troubleshooting

Any error during the setup process is displayed on the settings page inside MineOS, so it's easy for you to troubleshoot. If you need further help, please reach out to your customer success manager.

 

Current Limitations

The MineOS VPN feature currently has the following limitations:

  1. The supported VPN Tunnel protocol is: IPSec.
  2. Maximum number of VPN tunnels per MineOS account is 1.
  3. The VPN Tunnel cannot route traffic to any of the following reserved subnets:
    1. 10.20.248.0/21
    2. 10.128.0.0/9
    3. 10.36.0.0/14
    4. 10.101.0.0/20
    5. 10.0.8.0/23
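
The reserved-subnet limitation above can be checked before you enter routes under "Set routes". The following Python script is an added example, not MineOS code; the function names, the /16 breadth threshold and the sample routes are assumptions made for illustration.

```python
import ipaddress

# Reserved subnets copied from the limitations list above.
RESERVED = [ipaddress.ip_network(n) for n in (
    "10.20.248.0/21", "10.128.0.0/9", "10.36.0.0/14",
    "10.101.0.0/20", "10.0.8.0/23",
)]

# Assumption (not a MineOS rule): routes broader than this prefix length are
# flagged for review, since they expose more of the internal network than a
# database integration usually needs.
MIN_PREFIX = 16


def check_route(cidr):
    """Return a list of problems for one planned route; empty means OK."""
    try:
        # strict=True rejects entries such as 10.0.9.5/24 (host bits set),
        # which usually indicate a typo in the route.
        net = ipaddress.ip_network(cidr.strip(), strict=True)
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]
    if net.version != 4:
        return ["only IPv4 routes are checked by this script"]
    problems = [f"overlaps reserved subnet {r}"
                for r in RESERVED if net.overlaps(r)]
    if net.prefixlen < MIN_PREFIX:
        problems.append(
            f"/{net.prefixlen} is broader than /{MIN_PREFIX}; narrow the route")
    return problems


def check_routes(cidrs):
    """Map each planned route to its list of problems."""
    return {c: check_route(c) for c in cidrs}


if __name__ == "__main__":
    # Constructed sample routes, not taken from any real network.
    planned = ["192.168.10.0/24", "10.36.4.0/24", "10.0.0.0/8", "10.0.9.5/24"]
    for route, problems in check_routes(planned).items():
        print(route, "->", "OK" if not problems else "; ".join(problems))
```

A route with an empty problem list does not overlap any reserved subnet listed on this page; entries with problems should be narrowed or re-addressed before being added to the tunnel.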

 

Tunnel Advanced Settings

  • IKE Lifetime: 8h
  • Tunnel Lifetime: 1h
  • Encryption(Phase 1): aes256
  • Encryption(Phase 2): aes256
  • Integrity (Phase 1): sha512
  • Integrity (Phase 2): sha512
  • Diffie-Hellman Groups (Phase 1): 21
  • Diffie-Hellman Groups (Phase 2): 21
  • Dead Peer Detection Delay: 10s
  • Dead Peer Detection Timeout: 30s
These are suggestions; for other options, see this Google article.